As of August 2020 the site you are on (wiki.newae.com) is deprecated, and content is now at rtfm.newae.com.

Changes


Tutorial A5-Bonus Breaking AES-256 Bootloader

321 bytes added, 14:05, 23 June 2016
Moved source code
* Repeat of theory from tutorial
== Bootloader Source Code The IV ==In this tutorial, we have the luxury of seeing the source code of the bootloader. This is generally not something we would have access to in the real world, so we'll try not to use it to cheat. (Peeking at <code>supersecret.h</code> counts as cheating.)* Suggest some ideas== The Signature ==* Timing attack* Show firmware
The important part = Exploring the Bootloader =In this tutorial, we have the luxury of seeing the source code of the bootloader . This is generally not something we would have access to in the real world, so we'll try not to use it to cheat. (Peeking at <code includes >supersecret.h</code> counts as cheating.) Instead, we'll use the decryptionsource to help us identify important parts of the power traces. == Bootloader Source Code ==Inside the bootloader's main loop, it does three tasks that we're interested in:* it decrypts the incoming ciphertext;* it applies the IV application, to the decryption's result; and * it checks for the signature checkin the resulting plaintext. This snippet from <code>bootloader.c</code> shows all threeof these tasks:
<pre>
}
</pre>
 
This gives us a pretty good idea of how the microcontroller is going to do its job. However, we can go one step further and find the exact assembly code that the target will execute. If you have Atmel Studio and its toolchain on your computer, you can get the assembly file from the command line with
<pre>
3a2: 87 cf rjmp .-242 ; 0x2b2
</pre>
Let's examine this code in more detail.
We'll use both of the source files throughout the tutorial. == The IV Power Traces ==* Suggest some ideas == The Signature Matching Power to Code ==* Timing attack* Show firmware
= Attacking the IV =
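Review bot: The sentence after the assembly listing, "We'll use both of the source files throughout the tutorial", never says which two files it means; name them where they are introduced (the visible text mentions <code>bootloader.c</code> and an assembly file) so later sections can refer to them unambiguously. The outline stubs that still sit beside the section headings ("Suggest some ideas", "Timing attack", "Show firmware") should be filled in or clearly marked as to-do items so they do not read as finished tutorial content.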